Deep Instinct researchers discovered a new campaign using remote access Trojans (RAT)
January 16 2023

web3, 16-01-2023, 13:05, Information security, 197 views

Deep Instinct researchers discovered a new campaign using the remote access Trojans (RATs) StrRAT and Ratty, whose operators use MSI/JAR and CAB/JAR polyglot files to avoid detection.

Polyglot files combine two or more formats in such a way that they can be accurately interpreted and run by several different applications.

Attackers are making steady progress, even considering how old and well-studied both RATs are.

For several years, malware operators have been using polyglot files to hide malicious code and circumvent security measures. The technique was also used recently by the operators of the StrelaStealer malware, which targets Outlook and Thunderbird accounts.

Notably, in the latest campaign Deep Instinct observed the JAR and MSI formats combined into a single file, a combination that was first recorded back in 2018.

A JAR file is an archive identified by a record at its end, whereas an MSI file's type identifier is a header at the beginning of the file, so attackers can easily combine the two formats into one file.

The dual format lets the file execute as an MSI under Windows and as a JAR file under the Java runtime environment.

JAR files are not executable files, so antivirus tools do not inspect them as thoroughly. This lets attackers hide malicious code in the JAR portion while the AV scans only the MSI part of the file, which is the part built to pass the check.

In the new campaign, Deep Instinct noticed CAB/JAR combinations instead of MSI, likewise tied to the RAT families mentioned above. CAB files are also a good fit for polyglot combinations with JAR, since they carry the header needed to identify the file type at the beginning of the file.
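A defender-side check for the layout described above, written as an added example (it is not code from Deep Instinct or from the article): it flags a file whose head carries an MSI (OLE compound document) or CAB signature while its tail still parses as a ZIP/JAR, which is exactly the property that lets one file satisfy both parsers. The samples it is tested on are constructed in memory with placeholder headers and placeholder class bytes, not real malware.

```python
import io
import zipfile
from typing import Optional

# Header-driven formats: the signature sits at the START of the file.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"  # MSI (OLE compound document)
CAB_MAGIC = b"MSCF"                              # Microsoft cabinet
# ZIP/JAR: the End Of Central Directory record sits near the END of the file.
EOCD_SIG = b"PK\x05\x06"


def leading_format(data: bytes) -> Optional[str]:
    """Return the container type a header-driven parser (msiexec, CAB) would see."""
    if data.startswith(OLE_MAGIC):
        return "msi"
    if data.startswith(CAB_MAGIC):
        return "cab"
    return None


def trailing_jar(data: bytes) -> bool:
    """True if the tail holds a valid ZIP central directory that looks like a JAR.

    zipfile, like the JVM, locates the EOCD from the end and tolerates data
    prepended before the archive, so a polyglot still opens as a ZIP here.
    """
    tail = data[-(22 + 65535):]  # EOCD is 22 bytes plus an optional comment of up to 65535 bytes
    if EOCD_SIG not in tail:
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return False
    return any(n.endswith(".class") or n == "META-INF/MANIFEST.MF" for n in names)


def classify(data: bytes) -> str:
    """'polyglot:<head>+jar' when both parsers would accept the same bytes."""
    head = leading_format(data)
    if head and trailing_jar(data):
        return f"polyglot:{head}+jar"
    if trailing_jar(data):
        return "jar"
    return head or "unknown"


def build_sample(prefix: bytes) -> bytes:
    """Constructed fixture: a fake container header, padding, then a JAR-like ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Demo\n")
        zf.writestr("Demo.class", b"\xca\xfe\xba\xbe" + b"\x00" * 12)  # placeholder, not real bytecode
    return prefix + b"\x00" * 64 + buf.getvalue()
```

Hashing a file and checking only its first bytes will classify these samples as MSI or CAB; the check above reads both ends, which is the point.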

The polyglots used in the campaign are distributed via SendGrid and URL-shortening services (Cutt.ly and Rebrand.ly), and the extracted StrRAT and Ratty payloads are hosted on Discord.

As for detection of the CAB/JAR variant, rates range from 10% to 50% (6 detections out of 59 antivirus engines on VirusTotal; the MSI variant gets 30).

Deep Instinct reports that many of the detected polyglots for both StrRAT and Ratty use the same C2 and are hosted by the same Bulgarian hosting company.

Thus, it is quite possible that both strains are used in a single campaign run by the same operator.
